• dan@upvote.au
    link
    fedilink
    arrow-up
    4
    ·
    edit-2
    1 year ago

    Definitely on Debian, and I think on Ubuntu too.

    Package maintainers can be slow to update packages though. Debian have a separate security team that get patches out ASAP, and those packages go into a separate security repo. I imagine Ubuntu does the same. It’s that security team that only deals with “official” packages, meaning anything that’s not in contrib, non-free, or non-free-firmware.

    • interceder270@lemmy.world
      link
      fedilink
      arrow-up
      1
      arrow-down
      1
      ·
      1 year ago

      To me, it looks like Debian and Ubuntu are both secure but you have to pay extra to make Ubuntu at least as secure as Debian.

      • dan@upvote.au
        link
        fedilink
        arrow-up
        1
        ·
        1 year ago

        What you’re paying extra for are timely security updates for community-maintained packages that aren’t an official part of the OS. Debian doesn’t provide that for free either. Debian doesnt provide it at all since they don’t have any paid options.

          • dan@upvote.au
            link
            fedilink
            arrow-up
            1
            ·
            edit-2
            1 year ago

            No. All the official packages in the main repo get security updates from the Debian security team.

            Only the packages in contrib, non-free and non-free-firmware don’t have official security updates and rely on the package maintainers. These are not considered part of the Debian distro, and I don’t even have them enabled on my servers.

            Out-of-the-box, Debian only enables the main repo, plus the non-free-firmware one if any of your devices require it (e.g. Nvidia graphics, Realtek Bluetooth, etc). You have to manually enable contrib and non-free, and by doing that, it’s assumed you know what you’re doing.

            In the case of non-free and non-free-firmware, they can be closed source software (like the Nvidia drivers) or have a non-open-source license that doesn’t allow distributing modified versions. In those cases, the Debian team is unable to patch them even if they wanted to.